├── package.json
├── LICENSE
├── README.md
├── aes4js.min.js
├── aes4js.js
└── demo.html


/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "aes4js",
 3 |   "main": "aes4js.js",
 4 |   "version": "1.0.0",
 5 |   "description": "A high-level long-term-supported AES-GCM 256 encrypt/decrypt routine for JavaScript using native WebCrypto API",
 6 |   "keywords": [
 7 |     "crypto",
 8 |     "AES",
 9 |     "WebCrypto",
10 |     "browser"
11 |   ],
12 |   "homepage": "https://github.com/rndme/aes4js",
13 |   "license": "MIT",
14 |   "author": {
15 |     "name": "dandavis",
16 |     "email": "rndme@users.noreply.github.com",
17 |     "url": "http://danml.com/"
18 |   },
19 |   "repository": {
20 |     "type": "git",
21 |     "url": "https://github.com/rndme/aes4js.git"
22 |   },
23 |   "bugs": {
24 |     "email": "rndme@users.noreply.github.com"
25 |   },
26 |   "files": [
27 |     "aes4js.js",
28 |     "aes4js.min.js"
29 |   ],
30 |   "npmName": "aes4js",
31 |   "npmFileMap": [
32 |     {
33 |       "basePath": "/",
34 |       "files": [
35 |         "*.js"
36 |       ]
37 |     }
38 |   ]
39 | }
40 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2017 dandavis
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # aes4js
 2 | A high-level long-term-supported AES-GCM 256 encrypt/decrypt routine for JavaScript using native WebCrypto API
 3 | 
 4 | # purpose
 5 | A simple and safe promise-based text+binary encryption library for browsers. It uses plain text keys and plain-text-capable (JSON) ciphertext output for easy integration and storage. Keeping with best practices, the AES Encryption keys are derived from the plain text password using 1,000,000 rounds of PBKDF with SHA256 to prevent brute-forcing guessing.
 6 | 
 7 | 
 8 | # usage
 9 | There are only 2 methods:
10 | 
11 | * *encrypt(key, plain)* - encode _plain_ (string or arrayBuffer) to ciphertext data object using _key_
12 | * *decrypt(key, cipher)* - decode _cipher_ object/JSON back into _plain_(string or arrayBuffer) using _key_
13 | 
14 | # live demo
15 | See it in action on [a dead-simple encode/decode demo](https://pagedemos.com/qskd4gcdndtg/output/).
16 | 
17 | # example
18 | ```
19 | aes4js.encrypt("123", "hello world") // encrypt with password 123
20 |       .then(aes4js.decrypt.bind(this, "123")) // decrypt
21 |       .then(alert) // display decrypted value
22 | ```
23 | 
24 | # requires
25 | aes4js uses no outside code libraries, but does require several native browser APIs and Classes:
26 | 
27 | * atob()
28 | * Array.from()
29 | * Blob()
30 | * FileReader()
31 | * TextDecoder()
32 | * TextEncoder()
33 | * Uint8Array()
34 | * crypto.getRandomValues()
35 | * crypto.subtle.encrypt()
36 | * crypto.subtle.decrypt()
37 | * crypto.subtle.digest()
38 | * crypto.subtle.exportKey()
39 | * crypto.subtle.importKey()
40 | 
41 | 
42 | 
43 | 
44 | 
45 | 
46 | 
47 | 
48 | 
49 | 
50 | 


--------------------------------------------------------------------------------
/aes4js.min.js:
--------------------------------------------------------------------------------
1 | // aes4js, by dandavis. MIT applies.
2 | (function(m,f){"function"===typeof define&&define.amd?define([],f):"object"===typeof exports?module.exports=f():m.aes4js=f()})(this,function(){function m(b){return crypto.subtle.digest("SHA-256",(new TextEncoder("utf-8")).encode(b)).then(function(a){return Array.from(new Uint8Array(a)).map(function(d){return("00"+d.toString(16)).slice(-2)}).join("")})}function f(b,a){if("object"===typeof b&&b.constructor===CryptoKey)return new Promise(function(d,c){return d(b)});10>b.length&&(b=b.repeat(12-b.length));
3 | return m("349d"+b+"9d3458694307"+b.length+String(a)).then(function(d){var c=(new TextEncoder).encode(b),e=(new TextEncoder).encode(d);return window.crypto.subtle.importKey("raw",c,{name:"PBKDF2"},!1,["deriveBits","deriveKey"]).then(function(h){return window.crypto.subtle.deriveKey({name:"PBKDF2",salt:e,iterations:1E6+b.length,hash:"SHA-256"},h,{name:"AES-GCM",length:256},!0,["encrypt","decrypt"])})})}function n(b){var a=b.split(/[:;,]/);b=a[1];a=("base64"==a[2]?atob:decodeURIComponent)(a.pop());var d=
4 | a.length,c=0,e=new Uint8Array(d);for(c;c<d;++c)e[c]=a.charCodeAt(c);return new Blob([e],{type:b})}return{encrypt:function(b,a){var d=window.crypto.getRandomValues(new Uint8Array(12)),c=(new TextEncoder("utf-8")).encode(a),e=0;"object"===typeof a&&(c=a,e=1);return f(b,d).then(function(h){return window.crypto.subtle.encrypt({name:"AES-GCM",iv:d,tagLength:128},h,c).then(function(k){return window.crypto.subtle.exportKey("jwk",h).then(function(g){return new Promise(function(p,q){var l=new FileReader;l.onload=
5 | function(){p({encrypted:l.result,iv:[].slice.call(d),bin:e})};l.onerror=q;l.readAsDataURL(new Blob([k]))})})})})["catch"](console.error)},decrypt:function(b,a){"string"===typeof a&&(a=JSON.parse(a));return f(b,"number"===typeof a.bin?a.iv:"").then(function(d){return(new Promise(function(c,e){var h=n(a.encrypted),k=new FileReader;k.onload=function(){window.crypto.subtle.decrypt({name:"AES-GCM",iv:new Uint8Array(a.iv),tagLength:128},d,k.result).then(function(g){return a.bin?g:(new TextDecoder("utf-8")).decode(g)}).then(c)["catch"](function(g){"OperationError"===
6 | String(g)&&(g="Oops!\n\nWrong Password, try again.");e(g)})};k.readAsArrayBuffer(h)}))["catch"](function(c){throw c;})})},derive:f}});
7 | 


--------------------------------------------------------------------------------
/aes4js.js:
--------------------------------------------------------------------------------
  1 | // aes4js, by dandavis. MIT applies.
  2 | (function (root, factory) {
  3 | 	if (typeof define === 'function' && define.amd) {
  4 | 		define([], factory);
  5 | 	} else if (typeof exports === 'object') {
  6 | 		module.exports = factory();
  7 | 	} else {
  8 | 		root.aes4js = factory();
  9 |   }
 10 | }(this, function () {
 11 | 	
 12 | function aesEnc(key, str) {
 13 | 	var iv = window.crypto.getRandomValues(new Uint8Array(12)),
 14 | 		encoder = new TextEncoder('utf-8'),
 15 | 		encodedString = encoder.encode(str),
 16 | 		bin = 0;
 17 | 	if(typeof str === "object") { // allows binary as well as string input
 18 | 		encodedString = str; // arrayish
 19 | 		bin = 1;
 20 | 	}
 21 | 	
 22 | 	return derive(key, iv).then(function(key) {
 23 | 		return window.crypto.subtle.encrypt({
 24 | 			name: "AES-GCM",
 25 | 			iv: iv,
 26 | 			tagLength: 128,
 27 | 		}, key, encodedString)
 28 | 		  .then(function(encrypted) {
 29 | 			return window.crypto.subtle.exportKey("jwk", key)
 30 | 			  .then(function(c) { // turn bin array into exportable dataURL:
 31 | 				return new Promise(function(resolve, reject) {
 32 | 					var fr = new FileReader;
 33 | 					fr.onload = function() {
 34 | 						resolve({
 35 | 							encrypted: fr.result, // ct
 36 | 							iv: [].slice.call(iv),// iv
 37 | 							bin: bin              // type flag
 38 | 						});
 39 | 					};
 40 | 					fr.onerror = reject;
 41 | 					fr.readAsDataURL(new Blob([encrypted]));
 42 | 				}); // end fr promise wrapper
 43 | 			}); // end export
 44 | 		}); //end encrypt
 45 | 	}) //end derive
 46 | 	.catch(console.error);
 47 | } /* end aesEnc() */
 48 | 
 49 | function aesDec(key, obj) {
 50 | 	if(typeof obj === "string") obj = JSON.parse(obj);
 51 | 	return derive(key, typeof obj.bin==="number" ? obj.iv : "").then(function(key) {
 52 | 		return new Promise(function(resolve, reject) { // turn dataURL into bin array:
 53 | 			var blob = dataUrlToBlob(obj.encrypted),
 54 | 				fr = new FileReader();
 55 | 			fr.onload = function() { // feed bin array to native decrypt:
 56 | 				window.crypto.subtle.decrypt({
 57 | 					name: "AES-GCM",
 58 | 					iv: new Uint8Array(obj.iv),
 59 | 					tagLength: 128,
 60 | 				}, key, fr.result)
 61 | 				  .then(function(x){ // if not bin input, decode:
 62 | 					return obj.bin ? x : new TextDecoder("utf-8").decode(x);
 63 | 				  })
 64 | 				  .then(resolve)
 65 | 				  .catch(function(y) { // given a op err here, a wrong pw was given
 66 | 					if(String(y) === "OperationError") y = "Oops!\n\nWrong Password, try again.";
 67 | 					reject(y);
 68 | 				}); //end catch
 69 | 			}; //end fr.onload()
 70 | 			fr.readAsArrayBuffer(blob);
 71 | 		}) //end promise wrapper
 72 | 		.catch(function(e) {throw e;});
 73 | 	}); //end derive
 74 | } /* end aesDec() */
 75 | 
 76 | function sha256(str) {
 77 | 	return crypto.subtle.digest("SHA-256", new TextEncoder("utf-8").encode(str))
 78 | 	  .then(function(x) {// turn into hex string:
 79 | 		return Array.from(new Uint8Array(x)).map(function(b) { 
 80 | 			return('00' + b.toString(16)).slice(-2);
 81 | 		}).join('');
 82 | 	});
 83 | } /* end sha256() */
 84 | 
 85 | function derive(plainText, iv) { // key derivation using 1,000,000x pbkdf w/sha256
 86 | 	if(typeof plainText==="object" && plainText.constructor=== CryptoKey) return new Promise(function(resolve, reject){  return resolve(plainText); });
 87 | 	if(plainText.length < 10) plainText = plainText.repeat(12 - plainText.length);
 88 | 
 89 | 	return sha256("349d" + plainText + "9d3458694307" + plainText.length + String(iv))
 90 | 	  .then(function(salt) {
 91 | 		var passphraseKey = new TextEncoder().encode(plainText),
 92 | 			saltBuffer = new TextEncoder().encode(salt);
 93 | 		return window.crypto.subtle.importKey('raw', passphraseKey, {
 94 | 			name: 'PBKDF2'
 95 | 		}, false, ['deriveBits', 'deriveKey'])
 96 | 		  .then(function(key) {
 97 | 			return window.crypto.subtle.deriveKey({
 98 | 				"name": 'PBKDF2',
 99 | 				"salt": saltBuffer,
100 | 				"iterations": 1000000 + plainText.length,
101 | 				"hash": 'SHA-256'
102 | 			}, key, {
103 | 				"name": 'AES-GCM',
104 | 				"length": 256
105 | 			}, true, ["encrypt", "decrypt"]);
106 | 		});
107 | 	});
108 | } /* end derive() */
109 | 
110 | 
111 | function dataUrlToBlob(strUrl) { // support util for converting bin arrays
112 | 	var parts = strUrl.split(/[:;,]/),
113 | 		type = parts[1],
114 | 		decoder = parts[2] == "base64" ? atob : decodeURIComponent,
115 | 		binData = decoder(parts.pop()),
116 | 		mx = binData.length,
117 | 		i = 0,
118 | 		uiArr = new Uint8Array(mx);
119 | 	for(i; i < mx; ++i) uiArr[i] = binData.charCodeAt(i);
120 | 	return new Blob([uiArr], {type: type});
121 | } /* end dataUrlToBlob() */
122 | 
123 | 	
124 | // provide utils as methods:
125 | return {
126 | 	encrypt: aesEnc, 
127 | 	decrypt: aesDec,
128 | 	derive:  derive,
129 | };
130 | 
131 | }));
132 | 


--------------------------------------------------------------------------------
/demo.html:
--------------------------------------------------------------------------------
 1 | <!doctype html>
 2 | <html>
 3 | <head>
 4 |     <meta charset="UTF-8">
 5 |     <title>dan's file encrypter</title>
 6 | <style>
 7 | body { font: 20px arial; }
 8 | #output.offer { box-shadow: 0 0 5em green inset; }
 9 | </style>
10 | </head><body>
11 | 
12 |   <h1>dan's file encrypter</h1>
13 |   <p>Encrypt file with 256 AES (GCM) using a PBKDF key</p>
14 |   
15 | <main>
16 |   
17 | <label> <b>Password</b>	
18 |   <input value="" type="password"  id="inpKey" />	
19 | </label>
20 | <hr>
21 |   
22 | <label> <b>Plain or Encrypted File</b> <br><br>
23 |   <input value="" type="file"  id="inpFile" onchange="handleFile(this.files[0]);" />	
24 | </label>
25 |   <b> - OR -</b>
26 |   
27 | <div id="output" 
28 |   style="min-height: 100px; border: 2px inset black; background: #ddd; margin: 0.5em 0;text-align: center;padding-top: 3em;"
29 |   ondragenter="this.className='offer'; event.stopPropagation(); event.preventDefault();"
30 |   ondragover="event.stopPropagation(); event.preventDefault();"
31 |   ondragend="this.className=''; "
32 |   ondrop="this.className=''; event.stopPropagation(); event.preventDefault();dodrop(event);">
33 | 	     DROP FILE HERE
34 | </div>
35 | </main>
36 | <script>
37 | // aes4js, by dandavis. MIT applies.
38 | ;(function(g,d){"function"==typeof define&&define.amd?define([],d):"object"==typeof exports?module.exports=d():g.aes4js=d()})(this,function(){function g(b){return crypto.subtle.digest("SHA-256",(new TextEncoder("utf-8")).encode(b)).then(function(a){return Array.from(new Uint8Array(a)).map(function(a){return("00"+a.toString(16)).slice(-2)}).join("")})}function d(b){return 10>b.length&&(b=b.repeat(12-b.length)),g("349d"+b+"9d3458694307"+b.length).then(function(a){var e=(new TextEncoder).encode(b),c=(new TextEncoder).encode(a);return crypto.subtle.importKey("raw",e,{name:"PBKDF2"},!1,["deriveBits","deriveKey"]).then(function(a){return window.crypto.subtle.deriveKey({name:"PBKDF2",salt:c,iterations:1e6+b.length,hash:"SHA-256"},a,{name:"AES-GCM",length:256},!0,["encrypt","decrypt"])})})}function h(b){var a=b.split(/[:;,]/);b=a[1],a=("base64"==a[2]?atob:decodeURIComponent)(a.pop());var e=a.length,c=0,f=new Uint8Array(e);for(c;c<e;++c)f[c]=a.charCodeAt(c);return new Blob([f],{type:b})}return{encrypt:function(b,a){var e=crypto.getRandomValues(new Uint8Array(12)),c=(new TextEncoder("utf-8")).encode(a),f=!1;return"object"==typeof a&&(c=a,f=!0),d(b).then(function(a){return window.crypto.subtle.encrypt({name:"AES-GCM",iv:e,tagLength:128},a,c).then(function(b){return window.crypto.subtle.exportKey("jwk",a).then(function(a){return new Promise(function(a,c){var d=new FileReader;d.onload=function(){a({encrypted:d.result,iv:[].slice.call(e),bin:f})},d.onerror=c,d.readAsDataURL(new Blob([b]))})})})})["catch"](console.error)},decrypt:function(b,a){return"string"==typeof a&&(a=JSON.parse(a)),d(b).then(function(b){return(new Promise(function(c,d){var e=h(a.encrypted),f=new FileReader;f.onload=function(){crypto.subtle.decrypt({name:"AES-GCM",iv:new Uint8Array(a.iv),tagLength:128},b,f.result).then(function(b){return a.bin?b:(new TextDecoder("utf-8")).decode(b)}).then(c)["catch"](function(a){"OperationError"===String(a)&&(a="Opps!\r\n\r\nWrong Password, try again."),d(a)})},f.readAsArrayBuffer(e)}))["catch"](function(a){throw a})})}}});
39 | 
40 | //download.js v4.21, by dandavis;  [MIT] 
41 | ;(function(root,factory){typeof define=="function"&&define.amd?define([],factory):typeof exports=="object"?module.exports=factory():root.download=factory()})(this,function(){return function download(data,strFileName,strMimeType){var self=window,defaultMime="application/octet-stream",mimeType=strMimeType||defaultMime,payload=data,url=!strFileName&&!strMimeType&&payload,anchor=document.createElement("a"),toString=function(a){return String(a)},myBlob=self.Blob||self.MozBlob||self.WebKitBlob||toString,fileName=strFileName||"download",blob,reader;myBlob=myBlob.call?myBlob.bind(self):Blob,String(this)==="true"&&(payload=[payload,mimeType],mimeType=payload[0],payload=payload[1]);if(url&&url.length<2048){fileName=url.split("/").pop().split("?")[0],anchor.href=url;if(anchor.href.indexOf(url)!==-1){var ajax=new XMLHttpRequest;return ajax.open("GET",url,!0),ajax.responseType="blob",ajax.onload=function(e){download(e.target.response,fileName,defaultMime)},setTimeout(function(){ajax.send()},0),ajax}}if(/^data:([\w+-]+\/[\w+.-]+)?[,;]/.test(payload)){if(!(payload.length>2096103.424&&myBlob!==toString))return navigator.msSaveBlob?navigator.msSaveBlob(dataUrlToBlob(payload),fileName):saver(payload);payload=dataUrlToBlob(payload),mimeType=payload.type||defaultMime}else if(/([\x80-\xff])/.test(payload)){var i=0,tempUiArr=new Uint8Array(payload.length),mx=tempUiArr.length;for(i;i<mx;++i)tempUiArr[i]=payload.charCodeAt(i);payload=new myBlob([tempUiArr],{type:mimeType})}blob=payload instanceof myBlob?payload:new myBlob([payload],{type:mimeType});function dataUrlToBlob(strUrl){var parts=strUrl.split(/[:;,]/),type=parts[1],indexDecoder=strUrl.indexOf("charset")>0?3:2,decoder=parts[indexDecoder]=="base64"?atob:decodeURIComponent,binData=decoder(parts.pop()),mx=binData.length,i=0,uiArr=new Uint8Array(mx);for(i;i<mx;++i)uiArr[i]=binData.charCodeAt(i);return new myBlob([uiArr],{type:type})}function saver(url,winMode){if("download"in anchor)return anchor.href=url,anchor.setAttribute("download",fileName),anchor.className="download-js-link",anchor.innerHTML="downloading...",anchor.style.display="none",anchor.addEventListener("click",function(e){e.stopPropagation(),this.removeEventListener("click",arguments.callee)}),document.body.appendChild(anchor),setTimeout(function(){anchor.click(),document.body.removeChild(anchor),winMode===!0&&setTimeout(function(){self.URL.revokeObjectURL(anchor.href)},250)},66),!0;if(/(Version)\/(\d+)\.(\d+)(?:\.(\d+))?.*Safari\//.test(navigator.userAgent))return/^data:/.test(url)&&(url="data:"+url.replace(/^data:([\w\/\-\+]+)/,defaultMime)),window.open(url)||confirm("Displaying New Document\n\nUse Save As... to download, then click back to return to this page.")&&(location.href=url),!0;var f=document.createElement("iframe");document.body.appendChild(f),!winMode&&/^data:/.test(url)&&(url="data:"+url.replace(/^data:([\w\/\-\+]+)/,defaultMime)),f.src=url,setTimeout(function(){document.body.removeChild(f)},333)}if(navigator.msSaveBlob)return navigator.msSaveBlob(blob,fileName);if(self.URL)saver(self.URL.createObjectURL(blob),!0);else{if(typeof blob=="string"||blob.constructor===toString)try{return saver("data:"+mimeType+";base64,"+self.btoa(blob))}catch(y){return saver("data:"+mimeType+","+encodeURIComponent(blob))}reader=new FileReader,reader.onload=function(e){saver(this.result)},reader.readAsDataURL(blob)}return!0}});
42 | 	
43 | 
44 | function handleFile(file) {
45 | 	var fr = new FileReader();
46 | 	fr.onload = function() {
47 | 		if(file.name.endsWith("encrypted")) {
48 | 			aes4js.decrypt(inpKey.value, this.result).then(function(arrBuffFileContent) {
49 | 				download(new Blob([arrBuffFileContent]), file.name.replace(".encrypted", ""));
50 | 			});
51 | 		} else { // plain text, encrypt:
52 | 			aes4js.encrypt(inpKey.value, this.result).then(JSON.stringify).then(function(strFileContents) {
53 | 				download(strFileContents, file.name + ".encrypted");
54 | 			});
55 | 		}// end if encrypted?
56 | 	}; // end onload()
57 | 
58 | 	if(file.name.endsWith("encrypted")) {
59 | 		fr.readAsText(file); // json input
60 | 	} else {
61 | 		fr.readAsArrayBuffer(file); // arbitrary input
62 | 	}
63 | } //end handleFile()
64 | 
65 | function dodrop(event) {
66 | 	if(inpKey.value.length < 1) return alert("ERROR!\nNo password provided");
67 | 	var dt = event.dataTransfer;
68 | 	var files = dt.files;
69 | 	handleFile(files[0]);
70 | } //end dodrop()
71 |                              
72 | </script>
73 | </body>
74 | </html>
75 | 


--------------------------------------------------------------------------------